Search criteria
6 vulnerabilities found for reposilite by reposilite
FKIE_CVE-2024-36117
Vulnerability from fkie_nvd - Published: 2024-06-19 18:15 - Updated: 2025-03-06 18:01
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-074.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| reposilite | reposilite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:reposilite:reposilite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F935C2DB-75EA-4FCF-92D2-7AEA94878CFE",
"versionEndExcluding": "3.5.12",
"versionStartIncluding": "3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-074."
},
{
"lang": "es",
"value": "Reposilite es un administrador de repositorio de c\u00f3digo abierto, liviano y f\u00e1cil de usar para artefactos basados en Maven en el ecosistema JVM. Reposilite v3.5.10 se ve afectado por una vulnerabilidad de lectura arbitraria de archivos a trav\u00e9s del recorrido de ruta mientras sirve archivos javadoc expandidos. Reposilite ha solucionado este problema en la versi\u00f3n 3.5.12. No se conocen workarounds para esta vulnerabilidad. Este problema fue descubierto e informado por el laboratorio de seguridad de GitHub y tambi\u00e9n se rastrea como GHSL-2024-074."
}
],
"id": "CVE-2024-36117",
"lastModified": "2025-03-06T18:01:43.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-19T18:15:11.220",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/dzikoysk/reposilite/commit/e172ae4b539c822d0d6e04cf090713c7202a79d6"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-82j3-hf72-7x93"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-36116
Vulnerability from fkie_nvd - Published: 2024-06-19 18:15 - Updated: 2025-03-06 18:00
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the javadoc archive into the server's file system and return its content. The problem is in the way how the archives are expanded, specifically how the new filename is created. The `file.name` taken from the archive can contain path traversal characters, such as '/../../../anything.txt', so the resulting extraction path can be outside the target directory. If the archive is taken from an untrusted source, such as Maven Central or JitPack for example, an attacker can craft a special archive to overwrite any local file on Reposilite instance. This could lead to remote code execution, for example by placing a new plugin into the '$workspace$/plugins' directory. Alternatively, an attacker can overwrite the content of any other package. Note that the attacker can use its own malicious package from Maven Central to overwrite any other package on Reposilite. Reposilite has addressed this issue in version 3.5.12. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-073.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| reposilite | reposilite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:reposilite:reposilite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F935C2DB-75EA-4FCF-92D2-7AEA94878CFE",
"versionEndExcluding": "3.5.12",
"versionStartIncluding": "3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the javadoc archive into the server\u0027s file system and return its content. The problem is in the way how the archives are expanded, specifically how the new filename is created. The `file.name` taken from the archive can contain path traversal characters, such as \u0027/../../../anything.txt\u0027, so the resulting extraction path can be outside the target directory. If the archive is taken from an untrusted source, such as Maven Central or JitPack for example, an attacker can craft a special archive to overwrite any local file on Reposilite instance. This could lead to remote code execution, for example by placing a new plugin into the \u0027$workspace$/plugins\u0027 directory. Alternatively, an attacker can overwrite the content of any other package. Note that the attacker can use its own malicious package from Maven Central to overwrite any other package on Reposilite. Reposilite has addressed this issue in version 3.5.12. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-073."
},
{
"lang": "es",
"value": "Reposilite es un administrador de repositorio de c\u00f3digo abierto, liviano y f\u00e1cil de usar para artefactos basados en Maven en el ecosistema JVM. Reposilite brinda soporte para archivos JavaDocs, que son archivos que contienen documentaci\u00f3n para artefactos. Espec\u00edficamente, el controlador JavadocEndpoints.kt permite expandir el archivo javadoc al sistema de archivos del servidor y devolver su contenido. El problema est\u00e1 en la forma en que se expanden los archivos, espec\u00edficamente en c\u00f3mo se crea el nuevo nombre de archivo. El `file.name` tomado del archivo puede contener caracteres de path traversal, como \u0027/../../../anything.txt\u0027, por lo que la ruta de extracci\u00f3n resultante puede estar fuera del directorio de destino. Si el archivo se toma de una fuente que no es de confianza, como Maven Central o JitPack, por ejemplo, un atacante puede crear un archivo especial para sobrescribir cualquier archivo local en la instancia de Reposilite. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo, por ejemplo, colocando un nuevo complemento en el directorio \u0027$workspace$/plugins\u0027. Alternativamente, un atacante puede sobrescribir el contenido de cualquier otro paquete. Tenga en cuenta que el atacante puede utilizar su propio paquete malicioso de Maven Central para sobrescribir cualquier otro paquete en Reposilite. Reposilite ha solucionado este problema en la versi\u00f3n 3.5.12. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad. Este problema fue descubierto e informado por el laboratorio de seguridad de GitHub y tambi\u00e9n se rastrea como GHSL-2024-073."
}
],
"id": "CVE-2024-36116",
"lastModified": "2025-03-06T18:00:51.670",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-19T18:15:10.910",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/dzikoysk/reposilite/commit/848173738e4375482c70365db5cebae29f125eaa"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-frvj-cfq4-3228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/dzikoysk/reposilite/commit/848173738e4375482c70365db5cebae29f125eaa"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-frvj-cfq4-3228"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-36117 (GCVE-0-2024-36117)
Vulnerability from cvelistv5 – Published: 2024-06-19 17:37 – Updated: 2024-11-04 18:25
VLAI?
Title
Path traversal while serving Reposilite javadoc expanded files
Summary
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-074.
Severity ?
8.6 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| dzikoysk | reposilite |
Affected:
>= 3.3.0, < 3.5.12
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dzikoysk:reposilite:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "reposilite",
"vendor": "dzikoysk",
"versions": [
{
"lessThan": "3.5.12",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T17:54:45.745469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T17:57:20.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:13.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "reposilite",
"vendor": "dzikoysk",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.5.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-074."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T18:25:47.436Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12"
},
{
"name": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-82j3-hf72-7x93",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-82j3-hf72-7x93"
},
{
"name": "https://github.com/dzikoysk/reposilite/commit/e172ae4b539c822d0d6e04cf090713c7202a79d6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dzikoysk/reposilite/commit/e172ae4b539c822d0d6e04cf090713c7202a79d6"
}
],
"source": {
"advisory": "GHSA-w7c4-5w4f-jm3g",
"discovery": "UNKNOWN"
},
"title": "Path traversal while serving Reposilite javadoc expanded files"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-36117",
"datePublished": "2024-06-19T17:37:24.404Z",
"dateReserved": "2024-05-20T21:07:48.189Z",
"dateUpdated": "2024-11-04T18:25:47.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36116 (GCVE-0-2024-36116)
Vulnerability from cvelistv5 – Published: 2024-06-19 17:37 – Updated: 2024-08-02 03:30
VLAI?
Title
Path traversal in Reposilite javadoc file expansion
Summary
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the javadoc archive into the server's file system and return its content. The problem is in the way how the archives are expanded, specifically how the new filename is created. The `file.name` taken from the archive can contain path traversal characters, such as '/../../../anything.txt', so the resulting extraction path can be outside the target directory. If the archive is taken from an untrusted source, such as Maven Central or JitPack for example, an attacker can craft a special archive to overwrite any local file on Reposilite instance. This could lead to remote code execution, for example by placing a new plugin into the '$workspace$/plugins' directory. Alternatively, an attacker can overwrite the content of any other package. Note that the attacker can use its own malicious package from Maven Central to overwrite any other package on Reposilite. Reposilite has addressed this issue in version 3.5.12. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-073.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| dzikoysk | reposilite |
Affected:
>= 3.3.0, < 3.5.12
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dzikoysk:reposilite:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "reposilite",
"vendor": "dzikoysk",
"versions": [
{
"lessThan": "3.5.12",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36116",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T18:00:48.460406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T20:49:06.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-frvj-cfq4-3228",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-frvj-cfq4-3228"
},
{
"name": "https://github.com/dzikoysk/reposilite/commit/848173738e4375482c70365db5cebae29f125eaa",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dzikoysk/reposilite/commit/848173738e4375482c70365db5cebae29f125eaa"
},
{
"name": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "reposilite",
"vendor": "dzikoysk",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.5.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the javadoc archive into the server\u0027s file system and return its content. The problem is in the way how the archives are expanded, specifically how the new filename is created. The `file.name` taken from the archive can contain path traversal characters, such as \u0027/../../../anything.txt\u0027, so the resulting extraction path can be outside the target directory. If the archive is taken from an untrusted source, such as Maven Central or JitPack for example, an attacker can craft a special archive to overwrite any local file on Reposilite instance. This could lead to remote code execution, for example by placing a new plugin into the \u0027$workspace$/plugins\u0027 directory. Alternatively, an attacker can overwrite the content of any other package. Note that the attacker can use its own malicious package from Maven Central to overwrite any other package on Reposilite. Reposilite has addressed this issue in version 3.5.12. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-073."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T17:37:22.713Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-frvj-cfq4-3228",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-frvj-cfq4-3228"
},
{
"name": "https://github.com/dzikoysk/reposilite/commit/848173738e4375482c70365db5cebae29f125eaa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dzikoysk/reposilite/commit/848173738e4375482c70365db5cebae29f125eaa"
},
{
"name": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12"
}
],
"source": {
"advisory": "GHSA-9xqv-7x2g-x23g",
"discovery": "UNKNOWN"
},
"title": "Path traversal in Reposilite javadoc file expansion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-36116",
"datePublished": "2024-06-19T17:37:22.713Z",
"dateReserved": "2024-05-20T21:07:48.188Z",
"dateUpdated": "2024-08-02T03:30:12.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36117 (GCVE-0-2024-36117)
Vulnerability from nvd – Published: 2024-06-19 17:37 – Updated: 2024-11-04 18:25
VLAI?
Title
Path traversal while serving Reposilite javadoc expanded files
Summary
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-074.
Severity ?
8.6 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| dzikoysk | reposilite |
Affected:
>= 3.3.0, < 3.5.12
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dzikoysk:reposilite:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "reposilite",
"vendor": "dzikoysk",
"versions": [
{
"lessThan": "3.5.12",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T17:54:45.745469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T17:57:20.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:13.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "reposilite",
"vendor": "dzikoysk",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.5.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-074."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T18:25:47.436Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12"
},
{
"name": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-82j3-hf72-7x93",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-82j3-hf72-7x93"
},
{
"name": "https://github.com/dzikoysk/reposilite/commit/e172ae4b539c822d0d6e04cf090713c7202a79d6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dzikoysk/reposilite/commit/e172ae4b539c822d0d6e04cf090713c7202a79d6"
}
],
"source": {
"advisory": "GHSA-w7c4-5w4f-jm3g",
"discovery": "UNKNOWN"
},
"title": "Path traversal while serving Reposilite javadoc expanded files"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-36117",
"datePublished": "2024-06-19T17:37:24.404Z",
"dateReserved": "2024-05-20T21:07:48.189Z",
"dateUpdated": "2024-11-04T18:25:47.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36116 (GCVE-0-2024-36116)
Vulnerability from nvd – Published: 2024-06-19 17:37 – Updated: 2024-08-02 03:30
VLAI?
Title
Path traversal in Reposilite javadoc file expansion
Summary
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the javadoc archive into the server's file system and return its content. The problem is in the way how the archives are expanded, specifically how the new filename is created. The `file.name` taken from the archive can contain path traversal characters, such as '/../../../anything.txt', so the resulting extraction path can be outside the target directory. If the archive is taken from an untrusted source, such as Maven Central or JitPack for example, an attacker can craft a special archive to overwrite any local file on Reposilite instance. This could lead to remote code execution, for example by placing a new plugin into the '$workspace$/plugins' directory. Alternatively, an attacker can overwrite the content of any other package. Note that the attacker can use its own malicious package from Maven Central to overwrite any other package on Reposilite. Reposilite has addressed this issue in version 3.5.12. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-073.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| dzikoysk | reposilite |
Affected:
>= 3.3.0, < 3.5.12
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dzikoysk:reposilite:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "reposilite",
"vendor": "dzikoysk",
"versions": [
{
"lessThan": "3.5.12",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36116",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T18:00:48.460406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T20:49:06.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-frvj-cfq4-3228",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-frvj-cfq4-3228"
},
{
"name": "https://github.com/dzikoysk/reposilite/commit/848173738e4375482c70365db5cebae29f125eaa",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dzikoysk/reposilite/commit/848173738e4375482c70365db5cebae29f125eaa"
},
{
"name": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "reposilite",
"vendor": "dzikoysk",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.3.0, \u003c 3.5.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the javadoc archive into the server\u0027s file system and return its content. The problem is in the way how the archives are expanded, specifically how the new filename is created. The `file.name` taken from the archive can contain path traversal characters, such as \u0027/../../../anything.txt\u0027, so the resulting extraction path can be outside the target directory. If the archive is taken from an untrusted source, such as Maven Central or JitPack for example, an attacker can craft a special archive to overwrite any local file on Reposilite instance. This could lead to remote code execution, for example by placing a new plugin into the \u0027$workspace$/plugins\u0027 directory. Alternatively, an attacker can overwrite the content of any other package. Note that the attacker can use its own malicious package from Maven Central to overwrite any other package on Reposilite. Reposilite has addressed this issue in version 3.5.12. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-073."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T17:37:22.713Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-frvj-cfq4-3228",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-frvj-cfq4-3228"
},
{
"name": "https://github.com/dzikoysk/reposilite/commit/848173738e4375482c70365db5cebae29f125eaa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dzikoysk/reposilite/commit/848173738e4375482c70365db5cebae29f125eaa"
},
{
"name": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12"
}
],
"source": {
"advisory": "GHSA-9xqv-7x2g-x23g",
"discovery": "UNKNOWN"
},
"title": "Path traversal in Reposilite javadoc file expansion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-36116",
"datePublished": "2024-06-19T17:37:22.713Z",
"dateReserved": "2024-05-20T21:07:48.188Z",
"dateUpdated": "2024-08-02T03:30:12.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}